Support skipping Redis TLS cert verification #4717

New Issue

adam · 2025-12-29T19:19:50+01:00

adam commented

2025-12-29 19:19:50 +01:00

Originally created by @mraerino on GitHub (Apr 3, 2021).

Originally assigned to: @mraerino on GitHub.

NetBox version

v.2.10.8

Feature type

Change to existing functionality

Proposed functionality

Allow setting ssl_cert_reqs=None on the redis client used for Cacheops and Django-RQ.

Use case

This is required for using the Heroku-provided Redis instances with Netbox. They force you to use TLS, but don't provide proper certificates. See https://devcenter.heroku.com/articles/heroku-redis#connecting-in-python

Database changes

No response

External dependencies

No response

This is how it could be implemented:

For Django-RQ the option is available as SSL_CERT_REQS on the config dict (code change)

For Django-Cacheops it seems switching from an url to a kwargs dict for redis-py would suffice: https://github.com/Suor/django-cacheops/blob/master/cacheops/redis.py#L103-L107

e.g. changing the config block in settings.py to

CACHEOPS_REDIS = {
  'host': CACHING_REDIS_HOST,
  'port': CACHING_REDIS_PORT,
  'password': CACHING_REDIS_PASSWORD,
  'ssl': CACHING_REDIS_SSL,
  'ssl_cert_reqs': CACHING_REDIS_VERIFY_CERT ? 'required' : None,
}

Originally created by @mraerino on GitHub (Apr 3, 2021). Originally assigned to: @mraerino on GitHub. ### NetBox version v.2.10.8 ### Feature type Change to existing functionality ### Proposed functionality Allow setting `ssl_cert_reqs=None` on the redis client used for Cacheops and Django-RQ. ### Use case This is required for using the Heroku-provided Redis instances with Netbox. They force you to use TLS, but don't provide proper certificates. See https://devcenter.heroku.com/articles/heroku-redis#connecting-in-python ### Database changes _No response_ ### External dependencies _No response_ This is how it could be implemented: --- For Django-RQ the option is available as `SSL_CERT_REQS` on the config dict ([code change](https://github.com/rq/django-rq/pull/468/files#diff-badadead2c3366292ace3e0fe95fe4dcbde3cabf08c091902f8dbdc036868b6dR115)) --- For Django-Cacheops it seems switching from an url to a kwargs dict for `redis-py` would suffice: https://github.com/Suor/django-cacheops/blob/master/cacheops/redis.py#L103-L107 e.g. changing the config block in `settings.py` to ``` CACHEOPS_REDIS = { 'host': CACHING_REDIS_HOST, 'port': CACHING_REDIS_PORT, 'password': CACHING_REDIS_PASSWORD, 'ssl': CACHING_REDIS_SSL, 'ssl_cert_reqs': CACHING_REDIS_VERIFY_CERT ? 'required' : None, } ```

adam added the status: accepted type: feature labels 2025-12-29 19:19:50 +01:00

adam closed this issue

2025-12-29 19:19:50 +01:00

adam referenced this issue

2025-12-29 19:30:31 +01:00

XSS in markdown rendering #5639

Sign in to join this conversation.

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#4717